SYSTEM FOR ENHANCING THE TRANSMISSION SECURITY
OF THE E-MAILS IN THE INTERNET NETWORK



Technical field of the invention

The present invention relates to the security in the
transmission of the e-mails over an unsecured data
transmission network and in particular relates to a system for
enhancing the transmission security of the e-mails in the
Internet network.

Background art 

Today, the use of e-mails is widely spread. When the sender
forwards an e-mail to a recipient, the action is immediate and
unless a problem is encountered between the sender server and
the recipient server, the e-mail is delivered in the recipient
mailbox without any control on the way taken by the forwarded
message in terms of network infrastructure.

Most countries have specific legal protections that prevent
authorities and individuals from opening and reading the paper
mail. Unfortunately, few countries have provided the same
protections for the electronic mail, which gives individuals,
companies and authorities a legal room to read the e-mails.
Thus, the e-mails can be read at any of the routers along the
path taken by the e-mail to reach its destination over the
Internet. However, due to the growth of commercial and private
contracts materialized by the electronic mail, it becomes
crucial to be able to guarantee privacy of such exchanges.

To prevent attacks on e-mails, the usage of encryption
algorithms, either symmetric or asymmetric, to secure the e-mail
exchange over the Internet is widely spread. Thus, in the key
encryption, there is a private key kept private for the owner,
which is used to sign the data whereas a public key which can
be known to many people is used for decrypting the message. To
improve the security, such keys have a minimum of 40 bits but
are longer and longer. For example, the symmetric algorithm
Data Encryption Standard specifies 56-bit keys in some
countries and 128-bit keys in other ones like the USA.
Therefore, there is no doubt that such a continuous growth of
the key length is not a solution for the security problem.

Summary of the invention

Accordingly, the object of the invention is to provide a
system and to achieve a method which can be adapted to any
kind of e-mail being transmitted over the Internet network
without requiring the use of sophisticated algorithms and/or
longer and longer encryption keys.

The invention therefore relates to a system for enhancing the
security of the e-mails transmitted from a sender to a
receiver over a data transmission network such as Internet
wherein a Message Transfer Agent (MTA) associated with the
sender is in charge of transmitting over the network an
original e-mail sent by the sender. The MTA associated with
the sender includes a message splitting means adapted to
divide the original e-mail into a plurality of chunks
according to a predetermined algorithm and a predetermined
list of relay MTAs to which are forwarded the plurality of
chunks. The system comprises a chunk assembly agent for
receiving from the relay MTAs the plurality of chunks and
re-assembling them by using the predetermined algorithm in
order to re-build the e-mail before sending it to the receiver.

Brief description of the drawings

The above and other objects, features and advantages of the 
invention will be better understood by reading the following 
more particular description of the invention in conjunction 
with the accompanying drawings wherein: 
- Fig. 1 is a schematic representation of a system according
to the invention wherein an e-mail is divided into three
chunks using three different paths over Internet; and
- Fig. 2 is a diagram representing the original e-mail divided
into five chunks distributed among three different e-mails.

Detailed description of the invention

In reference to FIG. 1, in the system according to the
invention, it is assumed that a sender 10 wants to send an
e-mail to a receiver 12 over the public data transmission
network, that is, the Internet, represented inside the dotted lines
in the figure.

The e-mail MSG sent by the sender 10 can be encrypted by the
public key of the receiver 12 even though this is not
mandatory. The e-mail MSG, preferably encrypted, is then
provided for transmission to the associated Message Transfer
Agent (MTA) 14 after adding a mail header, such that the e-mail
COMPLETE MSG to be forwarded is as follows:



To: receiver@dest.domain
From: sender
Subject: secure mail
ENCRYPTED TEXT



Wherein receiver@dest.domain is the address of the receiver
mailbox. It must be noted that this address is in clear
insofar as the sender MTA 14 is a secure zone that can be the
Intranet network of a company or the client device of a
standalone user.

The sender MTA 14 includes two essential means according to
the invention: a message splitter agent 16 and a list of
relay MTAs 18. The message splitter agent 16 is in charge of
dividing the received e-mail COMPLETE MSG into a plurality of
chunks and encrypting each chunk with its mail header by using
the public key of a specific mailbox having the address
highlysecure@dest.dom. Each new e-mail MSG CHUNK is as
follows:

To: receiver@dest.domain
From: sender
Subject: secure mail
Chunk: n
Chunk content: N

The same MAIL HEADER is added to each encrypted chunk before
sending it over the Internet network. This MAIL HEADER is as
follows:

To: highlysecure@dest.domain
From: Confidential
Subject: XXX

By using its list of relay MTAs 18, the sender MTA 14 forwards
each encrypted chunk with its header to a different relay MTA.
Thus, in the example illustrated in FIG. 1, the e-mail is
divided into three e-mails forwarded to the relay MTAs 20, 22
and 24. Thus, sending a plurality of chunks to respectively a
plurality of MTAs ensures a different pathway for each chunk
while they transit over the unsecured public network. It must
be noted that such a division into chunks can depend on the
security level required by the sender.

Since all the chunk e-mails have the same destination address
highlysecure@dest.domain, they are received by a single
deliver MTA 26 associated with this address. Then, the deliver
MTA sends the received chunk e-mails to the mailbox
corresponding to the address highlysecure@dest.domain which is
a chunk assembly agent 28. By using its private key, the chunk
assembly agent 28 decrypts each received e-mail and can
re-assemble the plurality of received chunks by using the same
algorithm which has been used by the message splitter agent to
divide the original e-mail into a plurality of chunks, the
chunk number n included in the header being used to
concatenate the chunks in the right order even if they have
been received in a different order.

Finally, the original message COMPLETE MSG which has been 
obtained after re-assembling the chunks in the chunk assembly 
agent 28, is forwarded to the mailbox of the receiver 12 by 
the deliver MTA 26. 

The scrambling algorithm used to divide the original e-mail 
into a plurality of chunks may be any kind of algorithm. But 
as mentioned above, it is essential that the chunk assembly 
agent uses the same algorithm to re-assemble the e-mail as the 
one used by the message splitter agent to divide the e-mail 
into chunks. 

For instance, it can be assumed that each chunk is composed of 
the same number of n bytes. Assuming that there are m relay 
MTAs, the original e-mail could be divided in the following 
way: 

Bytes from 1 to n in chunk #1 for the first relay MTA
Bytes from n+1 to 2n in chunk #2 for the second relay MTA
Bytes from 2n+1 to 3n in chunk #3 for the third relay MTA

Bytes from mn+1 to (m+1)n in chunk #m+1 for the m-th relay MTA
Bytes from (m+1)n+1 to (m+2)n in chunk #m+2 for the first relay MTA
Bytes from (m+2)n+1 to (m+3)n in chunk #m+3 for the second relay MTA



According to another more secure embodiment, the original
e-mail may be divided at the character level. A possible
algorithm consists in taking sequentially each character and
putting it in a chunk the number of which is defined by the
following formula used with X chunks:

Chunk # = 1 + <order number of the character> modulo X

Assuming that the message is "DIVIDE THE MESSAGE" and that the
characters are put into 5 chunks, the chunks are the
following:

Chunk 1   DE A
Chunk 2   I MG
Chunk 3   VTEE
Chunk 4   IHS
Chunk 5   DES

Then, the chunks could be distributed randomly into the
different e-mails forwarded to the relay MTAs.

Thus, assuming that there are three relay MTAs as described in
FIG. 1, the original e-mail could be divided into 5 chunks as
illustrated in FIG. 2. In such a case, chunk #1 and chunk #4
are included in the e-mail forwarded to relay MTA 20, chunk #2
and chunk #5 are included in the e-mail forwarded to relay MTA
22 and chunk #3 is forwarded to relay MTA 24. It must be noted
that each chunk is preceded, in each e-mail, by the chunk
number in order for the chunk assembly agent 28 to be able to
re-assemble correctly the original e-mail even though the
partial e-mails are not received in the right order.
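
The character-level split, the FIG. 2 distribution and the out-of-order re-assembly can be worked through as follows. This is an added example, not part of the original description; the function names are hypothetical, and the order number of the character is assumed to start at 0, which is what reproduces the five chunks listed above.

```python
# Added illustration; function and variable names are hypothetical.
FIG2_PLAN = {20: [1, 4], 22: [2, 5], 24: [3]}  # relay MTA -> chunk numbers (FIG. 2)

def split_chars(message, x):
    """Chunk # = 1 + (order number of the character) modulo X.
    Assumption: the order number starts at 0, which reproduces the sample chunks."""
    if x < 1:
        raise ValueError("X must be at least 1")
    chunks = {number: "" for number in range(1, x + 1)}
    for order, char in enumerate(message):
        chunks[1 + order % x] += char
    return chunks

def distribute(chunks, plan):
    """Build one partial e-mail per relay MTA; each chunk is preceded by its number."""
    assigned = sorted(n for numbers in plan.values() for n in numbers)
    if assigned != sorted(chunks):
        raise ValueError("each chunk must go to exactly one relay MTA")
    return {relay: [(n, chunks[n]) for n in numbers] for relay, numbers in plan.items()}

def reassemble(partial_emails, x):
    """Rebuild the message from partial e-mails received in any order."""
    chunks = {}
    for mail in partial_emails:
        for number, text in mail:
            if number in chunks or not 1 <= number <= x:
                raise ValueError(f"duplicate or out-of-range chunk number {number}")
            chunks[number] = text
    if len(chunks) != x:
        raise ValueError("missing chunk: the e-mail cannot be rebuilt")
    total = sum(len(text) for text in chunks.values())
    # Chunk k must hold exactly the characters at orders k-1, k-1+X, k-1+2X, ...
    for number, text in chunks.items():
        if len(text) != len(range(number - 1, total, x)):
            raise ValueError(f"chunk {number} has an inconsistent length")
    # The character of order i is element i // X of chunk 1 + i % X.
    return "".join(chunks[1 + i % x][i // x] for i in range(total))

if __name__ == "__main__":
    message = "DIVIDE THE MESSAGE"  # sample message from the description
    mails = distribute(split_chars(message, 5), FIG2_PLAN)
    arrival = [mails[24], mails[20], mails[22]]  # constructed out-of-order arrival
    print(mails)
    print(reassemble(arrival, 5))
```

Chunk encryption with the public key of the chunk assembly agent is left out of this sketch. Under the FIG. 2 plan, the partial e-mail for relay MTA 20 carries chunks 1 and 4, that is 7 of the 18 characters of the sample message.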



CLAIMS 



1. System for enhancing the security of the e-mails transmitted
from a sender (10) to a receiver (12) over a data
transmission network such as Internet wherein a Message
Transfer Agent (MTA) (14) associated with said sender is in
charge of transmitting over said network an original e-mail
sent by said sender;

said system being characterized

in that said MTA associated with said sender includes a
message splitting means (16) adapted to divide said original
e-mail into a plurality of chunks according to a
predetermined algorithm and a predetermined list of relay
MTAs (20, 22, 24) to which are forwarded said plurality of
chunks; and

in that it comprises a chunk assembly agent (28) for
receiving from said relay MTAs the plurality of chunks and
re-assembling them by using said predetermined algorithm in
order to re-build said e-mail before sending it to said
receiver.

2. The system according to claim 1, wherein each of said
plurality of chunks is transmitted as a chunk e-mail having
a destination address which is the address of said chunk
assembly agent (28).

3. The system according to claim 2, wherein each of said
plurality of chunks is encrypted by using the public key of
said chunk assembly agent (28) before being transmitted over
said network.

4. Method for enhancing the security of the e-mails transmitted
from a sender (10) to a receiver (12) over a data
transmission network such as Internet wherein a Message
Transfer Agent (MTA) (14) associated with said sender is in
charge of transmitting an original e-mail sent by said
sender;

said method being characterized in that it consists in
using an algorithm for dividing said original e-mail into a
plurality of chunks, and sending these chunks as e-mails to
different relay MTAs (20, 22, 24) defined in a predetermined
list of relay MTAs, re-assembling by a chunk assembly agent
said chunks in order to re-build said original e-mail by
using said predetermined algorithm, before sending said
original e-mail to said receiver.

5. The method according to claim 4, wherein each chunk is
transmitted over said network in a chunk e-mail having a
destination address which is the address of said chunk
assembly agent.

6. The method according to claim 4, wherein each chunk is
encrypted by using the public key of said chunk assembly
agent before being transmitted, said encrypted chunk e-mail
being decrypted when received by said chunk assembly agent
using its private key.

7. The method according to claim 6, wherein the text of said
original e-mail is encrypted by using the public key of said
receiver before being divided into a plurality of chunks.



FR920030070 



SYSTEM FOR ENHANCING THE TRANSMISSION SECURITY
OF THE E-MAILS IN THE INTERNET NETWORK



Abstract 






System for enhancing the security of the e-mails transmitted
from a sender (10) to a receiver (12) over a data transmission
network such as Internet wherein a Message Transfer Agent (MTA)
(14) associated with the sender is in charge of transmitting
over the network an original e-mail sent by the sender. The MTA
associated with the sender includes a message splitting means
(16) adapted to divide the original e-mail into a plurality of
chunks according to a predetermined algorithm and a
predetermined list of relay MTAs (20, 22, 24) to which are
forwarded the plurality of chunks. The system comprises a chunk
assembly agent (28) for receiving from the relay MTAs the
plurality of chunks and re-assembling them by using the
predetermined algorithm in order to re-build the e-mail before
sending it to the receiver.



Fig. 1 